Re: Cisco Catalyst - SNORT

[Jeff Nathan <jeff () snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gary,

This was a phenomenally well written response.

- --On Friday, June 27, 2003 22:54 -0400 Gary Flynn <flynngn () jmu edu> wrote:

> >
> If the bus is synchronous, the clock could be used to gate the bits into
> registers and ASICs dedicated to the port. No impact on central
> processing. No interrupts.. The port hardware is told to accept all data
> on every clock pulse by a simple logic level on a gate. It may be more
> complicated than that if there is data on the bus other than the packet
> stream but you get the idea. The data on the bus may identify itself as
> packet data. There may be codes that delimit packet data. Lots of
> possibilities. All can be handled by hardware with a couple of logic
> level changes that doesn't require a processor.

Sure, a synchronous bus would, by design, use the clock for synchronous 
operations such as gating.  If the gate implementation simply assumes all 
frame data on an interface is dually destined, then it could operate as you 
describe it.  In the case of having to perform any processing on the frame, 
that's where something other than bus-level operations are required... a 
processor's going to have to do some work, right?

> I don't know if it works that way but Cisco switch/routers process the
> beginnings of a flow in software and then claim to switch the rest of the
> flow in hardware. I can see where the processor could set up some
> registers and flip-flops and everything would cascade through discrete
> logic gates as long as the address/port/ID inputs match the preset
> values. To do it promiscuously would seem to be trivial in comparison.

Ahh, there you go.  Filling in the details of my question.  I have no 
hands-on knowledge of actual implementations but I'll bet your explanation 
is pretty close to actual implementation.

> Sort of goes back to the old computers that were set up by an operator
> with patch cords and then let everything fly through it for a fixed set
> of operations. Once set up, the data itself drove everything through as
> it was presented.
>
> All hypothetical.

Very informative.  I've been heads down in software for a while.. it's easy 
to forget some systems run without an OS.

- -Jeff

- --
http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from mediocre
minds.
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+/SY2Eqr8+Gkj0/0RAncAAJ9mvoJUSE/Xb67OaQN6xGHo6QTiHwCfdVTN
JLD5MSBZaPlMzL0NtCBDVAg=
=Op0l
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users